SacramentoRecruiter Since 2001

Director, Information Security Risk Management

Company: The Judge Group
Location: Sacramento
Posted on: August 5, 2022

Job Description:

Location: Sacramento, CA
Salary: Competitive

Description: The Judge Group has partnered with one of the largest and most reputable Financial Services companies in CA and is currently seeking a Director of Information Security Risk Management. This is a permanent, direct hire role that includes great pay and full benefits. This is a hybrid remote position and the candidate must live in the Sacramento area.

For immediate consideration, qualified candidates can send resumes directly to

GENERAL DESCRIPTION:

The Director, Information Security Risk Management is responsible for implementing and monitoring the Company's information security program, ensuring processes are effective in managing security risks in a manner that is consistent with strategic goals, organizational objectives, and risk appetite. This includes establishing and maintaining risk management programs to ensure that all company and member information assets and associated technology, applications, systems, infrastructure, and processes are protected in the digital ecosystem in which we operate. This role requires a strong, dynamic leader with sound knowledge of business management and deep knowledge of risk management, cybersecurity technologies, and security best practices. This role is responsible for maintaining the confidentiality, integrity, and availability of all Company data as well as ensuring compliance with all information security laws, regulations, policies and best practices. The Director, Information Security Risk Management will collaborate with various stakeholders and cross-functional teams to evaluate, recommend, and drive improvements to enterprise security practices and processes across the Company.

  • Lead the second line information security function by providing leadership, innovation, governance, reporting and effective challenge necessary to identify, measure, mitigate, monitor and report on the Company's information security risk program in accordance with the established risk management framework.
  • Continuously improve the Company's ability to identify, assess, prioritize and mitigate information security risks throughout the organization and create recommendations on how to integrate security controls as part of daily operations.
  • Oversee risk identification activities and processes that continuously identify threats and vulnerabilities, including cybersecurity threats, to determine the Company's information security risk profile, including cybersecurity risk.
  • Establish and maintain appropriate policies, standards and procedures to support the information security program.
  • Monitor information security issues related to Company systems and workflows to ensure internal security controls are appropriately designed and operating as intended, ensuring risk mitigation activities support the information security program.
  • Develop risk management tools, practices, and policies to analyze and report information security risks, and to manage risks according to an enterprise risk management framework.
  • Design, implement and execute second line information security risk assessment processes. Perform independent review and challenge of the first line security assessments and remediation plans.
  • Develop and maintain an information security risk management program, including a strategic roadmap for maturing the program that is aligned with the business to mitigate or lessen the impact of current and future security risks for the Company. Understand the dynamic threat landscape and strategically adjust and align the roadmap on an ongoing basis to ensure it addresses the changing security risk environment.
  • Promote a culture of security by providing and maintaining effective information security and awareness training and ongoing security-related communications to all levels of the organization.
  • Monitor and assess current technologies, systems, processes and procedures, current and proposed laws, regulations, and industry standards related to information security to ensure the Credit Union remains compliant.
  • Work with outside consultants, as appropriate, for independent audits and assessments.
  • Tactfully yet assertively challenge assumptions and perspectives on information security risk throughout the organization. Recommend improvements to policies, procedures, and practices to reduce costs, improve internal controls and/or drive efficiencies.
  • Engage with senior leadership and provide detailed insights into areas of information security risk for the organization.
  • Provide key inputs to risk oversight committees, including creating and updating risk management reports and presentations on the evaluation of information security program effectiveness, level and direction of risks, key and emerging risks, and status of previously identified risk and control issues.
  • Develop standardized metrics and reporting to enable continuous monitoring against program goals. Identify and implement improvements which support the overall maturity and growth of the program. Prepare and deliver executive-level presentations.
  • Coordinate and collaborate with line of business and support functions (e.g., Legal, Compliance, Fraud, Privacy, Physical Security, and Vendor Management, among others), to integrate the information security program across all areas of the credit union.
  • Participate in and report on security incidents and events managed by the first line in accordance with the Incident Response policy to protect the credit union's information assets, including intellectual property, regulated data, and reputation.
  • Foster a positive and engaging work environment where team members can grow in relevant knowledge and experience.
  • Recruit and develop talent; manage an organization that keeps resources productively engaged in moving the business forward.
  • Maintain current knowledge of security domain industry trends, best practices and techniques that can be practically applied at Company. Partner with external agencies and peer companies to coordinate information exchange and leverage best practices for information security.
  • Perform other duties as required to support the enterprise risk management program and the business, such as developing ad-hoc analysis, performing deep dive investigations, or driving specific risk initiatives.
  • Maintain a thorough understanding of state and federal laws and regulations related to credit union compliance including bank secrecy and anti-money laundering laws appropriate to the position.

    • Bachelor's degree, preferably in a Management Information Systems, Information Security, or Information Technology/Computer Science field, or equivalent job experience, preferred.
    • 10+ years of relevant experience in information security and risk management in a financial institution.
    • 5+ years direct supervisory experience. Experience developing and managing an information security risk management strategy and program is required.
    • Knowledge of risk management governance models, methods, practices, and processes inclusive of risk identification, analysis, mitigation/control, communication, monitoring, reporting and escalation.
    • Demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality, and server, application, database, network security principles for risk identification and analysis.
    • Experience in security policy development, security education, network testing, application vulnerability assessments, risk analysis, and compliance testing required.
    • In-depth knowledge of information security technology. Proficient in network security design and architecture, capacity planning, end-point protection, patch-management, vulnerability management, penetration testing, intrusion detection, risk management, mobile device management, identity and access management, and data loss prevention. Experience in managing information security risks in a cloud-based environment.
    • Strong knowledge of concepts and best practices including, but not limited to, security frameworks and guidelines established by the Federal Financial Institutions Examination Council (FFIEC), the National Institute of Standards and Technology (NIST), the International Information Systems Security Certification Consortium ((ISC)²), the International Standards Organization (ISO), and the Control Objectives for Information Technology (COBIT) established by the Information Systems Audit and Control Association (ISACA).
    • Strong leadership skills and ability to organize and motivate others.
    • Demonstrated experience with regulatory agencies, requirements, and/or regulatory compliance, including familiarity with GLBA and CCPA requirements.
    • Ability to interface and build good working relationships with regulators/examiners.
    • Strong network of contacts within the information security/information risk management community and the ability to represent the Credit Union.
    • In-depth understanding of financial services and high degree of business acumen.
    • Strong analytical, problem-solving and workflow analysis skills, including demonstrated ability to quickly synthesize information from various sources, identify key points and issues, and strategize solutions.
    • Ability to apply judgment around risk management and control frameworks and industry best practices and make sound risk/reward decisions using a balance of data, logic and intuition to inform critical business strategies and processes...
